search cancel

Network Prevent for Web Detection Server stuck in starting state in Enforce Server

book

Article ID: 201704

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Network Monitor and Prevent for Web

Issue/Introduction

  • In the Enforce Server you see your Network Prevent for Web Detection Server stuck in 'starting' state.
  • Recycling the service does not resolve the issue
  • Checking in the boxmonitor logs on the Detection Server you can see that the FileReader is the service that is failing to start
  • The FileReader logs contain references to an ICAP trace folder that cannot be found

Cause

ICAP trace has been set to 'true' in the Detection Server settings but the folder for the ICAP trace files has been deleted or moved.

Environment

Release : 15.x

Resolution

  1. Recreate the directory referenced in the FileReader logs on the affected Detection Server.
  2. Review the server settings for the Network Prevent for Web server(s) in the Enforce console: Icap.EnableTrace should only be set to true during troubleshooting. Leaving it in this state will cause all incoming web traffic to be captured to files in the folder defined in the Icap.TraceFolder setting until the disk is full.
  3. The FileReader will fail to start if that folder is not present and the Icap.EnableTrace = true.
  4. After making the changes, restart the Detection Server service.

 

Additional Information

15.8 Advanced server settings (broadcom.com)

15.8 ICAP Trace logging: Network Prevent for Web protocol debug log files (broadcom.com)